CVE-2007-2360

Published: Apr 30, 2007Modified: Apr 23, 2026

6.8

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 3.1 / Impact: 10.0

Source: NVD

Description

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.

Affected (15)

Products: Symantec: Backupexec System Recovery, Livestate Recovery, Norton Ghost, Norton Save And Recovery

Symantec

4 products

Backupexec System Recovery

Livestate Recovery

Norton Ghost

Norton Save And Recovery

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Symantec Backupexec System Recovery	Version 6.52
Symantec Backupexec System Recovery	Version 6.52a
Symantec Backupexec System Recovery	Version 6.53
Symantec Backupexec System Recovery	Version 6.5
Symantec Livestate Recovery	Version 6.01
Symantec Livestate Recovery	Version 6.02
Symantec Livestate Recovery	Version 6.0
Symantec Norton Ghost	Version 10.01
Symantec Norton Ghost	Version 10.0
Symantec Norton Ghost	Version 10.0
Symantec Norton Save And Recovery	Version 1.01
Symantec Norton Save And Recovery	Version 1.01b
Symantec Norton Save And Recovery	Version 11.01
Symantec Norton Save And Recovery	Version 11.01b
Symantec Norton Save And Recovery	Version 11.0